๐Ÿ” CVE Alert

CVE-2025-13601

HIGH 7.7

Glib: integer overflow in in g_escape_uri_string()

CVSS Score
7.7
EPSS Score
0.0%
EPSS Percentile
1th

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.

CWE CWE-190
Published Nov 26, 2025
Last Updated Apr 13, 2026
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Affected Versions

Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.12
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.13
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.14
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.15
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.16
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.17
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.18
All versions affected
Red Hat / Red Hat OpenShift Container Platform 4.19
All versions affected
Red Hat / Red Hat Ceph Storage 8
All versions affected
Red Hat / Red Hat Discovery 2
All versions affected
Red Hat / Red Hat Discovery 2
All versions affected
Red Hat / Red Hat Insights proxy 1.5
All versions affected
Red Hat / Red Hat Update Infrastructure 5
All versions affected
Red Hat / Red Hat Update Infrastructure 5
All versions affected
Red Hat / Red Hat Update Infrastructure 5
All versions affected
Red Hat / Red Hat Update Infrastructure 5
All versions affected
Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Hardened Images
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0936 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0975 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0991 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1323 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1324 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1326 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1327 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1465 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1608 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1624 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1625 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1626 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1627 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1652 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:1736 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2064 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2072 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2485 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2563 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2633 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2659 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2671 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2974 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3415 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4419 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-13601 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2416741 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/glib/-/issues/3827 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914